Stop using deprecated functions in the library

all.sh -k '*deprecated*' now passes again Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-11-25 15:15:47 +01:00 · 2020-12-01 11:43:40 +01:00 · 2020-12-01 11:43:40 +01:00 · f5cf71e14a
commit f5cf71e14a
parent 513c243317
2 changed files with 21 additions and 24 deletions
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@ -850,20 +850,21 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
         * Encrypt and authenticate
         */

-        if( ( ret = mbedtls_cipher_auth_encrypt( &transform->cipher_ctx_enc,
+        if( ( ret = mbedtls_cipher_auth_encrypt_ext( &transform->cipher_ctx_enc,
                   iv, transform->ivlen,
-                   add_data, add_data_len,       /* add data     */
-                   data, rec->data_len,          /* source       */
-                   data, &rec->data_len,         /* destination  */
-                   data + rec->data_len, transform->taglen ) ) != 0 )
+                   add_data, add_data_len,
+                   data, rec->data_len,                     /* src */
+                   data, rec->buf_len - (data - rec->buf),  /* dst */
+                   &rec->data_len,
+                   transform->taglen ) ) != 0 )
        {
            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret );
            return( ret );
        }
        MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag",
-                               data + rec->data_len, transform->taglen );
+                               data + rec->data_len - transform->taglen,
+                               transform->taglen );
        /* Account for authentication tag. */
-        rec->data_len += transform->taglen;
        post_avail -= transform->taglen;

        /*
@ -1420,12 +1421,11 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
        /*
         * Decrypt and authenticate
         */
-        if( ( ret = mbedtls_cipher_auth_decrypt( &transform->cipher_ctx_dec,
+        if( ( ret = mbedtls_cipher_auth_decrypt_ext( &transform->cipher_ctx_dec,
                  iv, transform->ivlen,
                  add_data, add_data_len,
-                  data, rec->data_len,
-                  data, &olen,
-                  data + rec->data_len,
+                  data, rec->data_len + transform->taglen,          /* src */
+                  data, rec->buf_len - (data - rec->buf), &olen,    /* dst */
                  transform->taglen ) ) != 0 )
        {
            MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_decrypt", ret );
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@ -209,7 +209,6 @@ int mbedtls_ssl_ticket_write( void *p_ticket,
    unsigned char *iv = start + TICKET_KEY_NAME_BYTES;
    unsigned char *state_len_bytes = iv + TICKET_IV_BYTES;
    unsigned char *state = state_len_bytes + TICKET_CRYPT_LEN_BYTES;
-    unsigned char *tag;
    size_t clear_len, ciph_len;

    *tlen = 0;
@ -250,23 +249,23 @@ int mbedtls_ssl_ticket_write( void *p_ticket,
    state_len_bytes[1] = ( clear_len      ) & 0xff;

    /* Encrypt and authenticate */
-    tag = state + clear_len;
-    if( ( ret = mbedtls_cipher_auth_encrypt( &key->ctx,
+    if( ( ret = mbedtls_cipher_auth_encrypt_ext( &key->ctx,
                    iv, TICKET_IV_BYTES,
                    /* Additional data: key name, IV and length */
                    key_name, TICKET_ADD_DATA_LEN,
-                    state, clear_len, state, &ciph_len,
-                    tag, TICKET_AUTH_TAG_BYTES ) ) != 0 )
+                    state, clear_len,
+                    state, end - state, &ciph_len,
+                    TICKET_AUTH_TAG_BYTES ) ) != 0 )
    {
        goto cleanup;
    }
-    if( ciph_len != clear_len )
+    if( ciph_len != clear_len + TICKET_AUTH_TAG_BYTES )
    {
        ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
        goto cleanup;
    }

-    *tlen = TICKET_MIN_LEN + ciph_len;
+    *tlen = TICKET_MIN_LEN + ciph_len - TICKET_AUTH_TAG_BYTES;

 cleanup:
 #if defined(MBEDTLS_THREADING_C)
@ -308,7 +307,6 @@ int mbedtls_ssl_ticket_parse( void *p_ticket,
    unsigned char *iv = buf + TICKET_KEY_NAME_BYTES;
    unsigned char *enc_len_p = iv + TICKET_IV_BYTES;
    unsigned char *ticket = enc_len_p + TICKET_CRYPT_LEN_BYTES;
-    unsigned char *tag;
    size_t enc_len, clear_len;

    if( ctx == NULL || ctx->f_rng == NULL )
@ -326,7 +324,6 @@ int mbedtls_ssl_ticket_parse( void *p_ticket,
        goto cleanup;

    enc_len = ( enc_len_p[0] << 8 ) | enc_len_p[1];
-    tag = ticket + enc_len;

    if( len != TICKET_MIN_LEN + enc_len )
    {
@ -344,13 +341,13 @@ int mbedtls_ssl_ticket_parse( void *p_ticket,
    }

    /* Decrypt and authenticate */
-    if( ( ret = mbedtls_cipher_auth_decrypt( &key->ctx,
+    if( ( ret = mbedtls_cipher_auth_decrypt_ext( &key->ctx,
                    iv, TICKET_IV_BYTES,
                    /* Additional data: key name, IV and length */
                    key_name, TICKET_ADD_DATA_LEN,
-                    ticket, enc_len,
-                    ticket, &clear_len,
-                    tag, TICKET_AUTH_TAG_BYTES ) ) != 0 )
+                    ticket, enc_len + TICKET_AUTH_TAG_BYTES,
+                    ticket, enc_len, &clear_len,
+                    TICKET_AUTH_TAG_BYTES ) ) != 0 )
    {
        if( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED )
            ret = MBEDTLS_ERR_SSL_INVALID_MAC;